BEC Scams Remain a Billion-Dollar Enterprise
Business email compromise (BEC) scams are not going away anytime soon. For such a relatively low-tech type of financial fraud, it has proved to be a high-yield and lucrative enterprise for scammers.
known as email account compromise (EAC), CEO fraud, or
whaling—have been around since at least 2013. Between
October 2013 and May 2018, more than $12 billion in domestic
and international losses were attributed by the FBI to BEC
According to the FBI’s latest Internet Crime Report (ICR), losses from BEC scams amounted to more than $1.2 billion in 2018. This is double the losses in 2017, which stood at $676 million.
|Year||Victim count/complaints||Victim losses|
Table 1. BEC-related victim losses and complaints received by IC3, 2014-2018
In 2018, the FBI’s Internet Crime Complaint Center (IC3) also received 20,373 BEC-related complaints, which is up from 15,690 complaints in 2017. Aggregate losses from internet-enabled theft, fraud, and exploitation reached $2.7 billion in 2018, and losses from BEC scams accounted for almost one-half of this figure. The FBI also said in a July 2018 public service announcement that based on the financial data, banks located in China and Hong Kong were the primary destinations of fraudulent funds, while financial institutions in the UK, Mexico, and Turkey were also prominent destinations.
The good news is that the IC3’s Recovery Asset Team (RAT), which was formed in February 2018, has successfully recovered more than $192 million lost to BEC scams, representing a recovery rate of 75 percent. The RAT reportedly dealt with 1,061 incidents that caused losses of more than $257 million.
To read the full Symantec
BEC report, please visit https://www.symantec.com/blogs/threat-intelligence/bec-scams-trends-and-themes-2019.